Moving an SSL cert from another server

I previously hosted some websites with a shared host (i.e. 3rd party provider) using IIS on Windows, now I've moved them to my own VPS with ISPConfig installed (i.e. I'm the provider). I'm using "The Perfect Server - Debian Squeeze" installation.

Although I previously used a shared hosting environment, my provider had purchased an SSL certificate for one of my domains (using RapidSSL) and installed it to my site. The certificate was for a domain name as opposed to an IP address.

He has now kindly sent me the certificate file (.pfx) and a separate password which he said is used for installing the certificate. I've checked this certificate and password by installing it on my personal computer (Windows) in the personal certificate store, to verify the password worked okay.

I tried to export the certificate from my personal store in a different format so that I could paste the certificate text into the SSL tab for a site in ISPConfig ... but when I visit the site over https, I get

SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server or it may be requiring a client authentication certificate that you don't have.
Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

Just to report back a success in case anyone else can benefit from this.

So I generated a certificate request using ISPConfig and entered the same details found in the certificate issued by the trusted CA (Equifax) into the ISPConfig SSL tab.

Actually, my imported certificate had multiple OU entries, and ISPConfig doesn't have the option to input more than one, so I simply entered the first one in the chain of OUs from my certificate.

Then I selected "create certificate" and save.

Using the advice given on the first response to this thread, I converted my PKCS12 certificate into a CER (plain text) using the -nodes switch. This gave me a plain text file with sections for the private RSA key and the certificate. At the top of this file was also the OU and Company name found on the certificate issued by the Trusted CA.

I then replaced the private and public keys into the corresponding certificate files (these are in the SSL folder for a given site created in ISPConfig) but LEFT the CSR (certificate request) file as-is.

Then went back into the SSL tab for the given site in ISPConfig, and pasted-in the certificate text, but LEFT the CSR (cert request) as is there. Then select "save certificate" and save.

Suddenly I was able to browse to the https:// version of my site.

NB Google Chrome did give me a certificate error, and to fix this I had to tell ISPConfig about the public IP address of my server using the menu: ISPConfig > System > Server IP Addresses. I had previously not done this. (I'm using an external name server, I think this is why I didn't have to do that previously.)

After doing this, I found my site on https:// worked with no certificate errors - FIXED.

I found I didn't need to then go back into Sites and set the IP address for the given site. I think the reason for that is specific to the fact I'm not using my server as an NS. (?) However I did this anyway, and it broke my site... I selected the wildcard again, and it worked again... but that's another story.